gsd-2024-1597
Vulnerability from gsd
Modified
2024-02-17 06:02
Details
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-1597" ], "details": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.", "id": "GSD-2024-1597", "modified": "2024-02-17T06:02:26.789374Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cna@postgresql.org", "ID": "CVE-2024-1597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pgjdbc", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 42.7.2" }, { "version_affected": "=", "version_value": "\u003c 42.6.1" }, { "version_affected": "=", "version_value": "\u003c 42.5.5" }, { "version_affected": "=", "version_value": "\u003c 42.4.4" }, { "version_affected": "=", "version_value": "\u003c 42.3.9" }, { "version_affected": "=", "version_value": "\u003c 42.2.28" } ] } } ] }, "vendor_name": "pgjdbc" } ] } }, "configuration": [ { "lang": "en", "value": "Client must run code with PreferQueryMode=Simple" } ], "credits": [ { "lang": "en", "value": "The pgjdbc project thanks Paul Gerste for reporting this problem." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-89", "lang": "eng", "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", "refsource": "MISC", "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56" }, { "name": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", "refsource": "MISC", "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/" }, { "name": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", "refsource": "MISC", "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/" }, { "name": "https://security.netapp.com/advisory/ntap-20240419-0008/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20240419-0008/" } ] }, "work_around": [ { "lang": "en", "value": "Don\u0027t use SimpleQuery mode" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F0F89A-760E-4592-B142-0A28A0BCD61F", "versionEndExcluding": "42.2.28", "vulnerable": true }, { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AF8DB08-81BB-48AD-85E5-B05220E49EA6", "versionEndExcluding": "42.3.9", "versionStartIncluding": "42.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3453F9D3-2F9E-493F-8993-4F2A9B9E53F2", "versionEndExcluding": "42.4.4", "versionStartIncluding": "42.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "99C07B95-DBCC-4DB2-9896-2F7A98CEC91B", "versionEndExcluding": "42.5.5", "versionStartIncluding": "42.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C", "versionEndExcluding": "42.6.1", "versionStartIncluding": "42.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F88E552-40D4-4287-9357-00D352133ADC", "versionEndExcluding": "42.7.2", "versionStartIncluding": "42.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected." }, { "lang": "es", "value": "pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas." } ], "id": "CVE-2024-1597", "lastModified": "2024-04-19T07:15:09.047", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] }, "published": "2024-02-19T13:15:07.740", "references": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": [ "Third Party Advisory" ], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56" }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/" }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://security.netapp.com/advisory/ntap-20240419-0008/" }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": [ "Release Notes" ], "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/" }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": [ "Third Party Advisory" ], "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/" } ], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] } } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.